21 use Luracast\Restler\RestException;
22 use Luracast\Restler\Format\UploadFormat;
24 require_once DOL_DOCUMENT_ROOT.
'/main.inc.php';
25 require_once DOL_DOCUMENT_ROOT.
'/core/lib/files.lib.php';
39 public static $DOCUMENT_FIELDS = array(
69 public function index($modulepart, $original_file =
'')
73 if (empty($modulepart)) {
74 throw new RestException(400,
'bad value for parameter modulepart');
76 if (empty($original_file)) {
77 throw new RestException(400,
'bad value for parameter original_file');
81 $entity = $conf->entity;
92 $relativefile = $original_file;
95 $accessallowed = $check_access[
'accessallowed'];
96 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
97 $original_file = $check_access[
'original_file'];
99 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
100 throw new RestException(401);
102 if (!$accessallowed) {
103 throw new RestException(401);
106 $filename = basename($original_file);
107 $original_file_osencoded =
dol_osencode($original_file);
109 if (!file_exists($original_file_osencoded)) {
110 dol_syslog(
"Try to download not found file ".$original_file_osencoded, LOG_WARNING);
111 throw new RestException(404,
'File not found');
114 $file_content = file_get_contents($original_file_osencoded);
115 return array(
'filename'=>$filename,
'content-type' =>
dol_mimetype($filename),
'filesize'=>filesize($original_file),
'content'=>base64_encode($file_content),
'encoding'=>
'base64');
140 public function builddoc($modulepart, $original_file =
'', $doctemplate =
'', $langcode =
'')
142 global $conf, $langs;
144 if (empty($modulepart)) {
145 throw new RestException(400,
'bad value for parameter modulepart');
147 if (empty($original_file)) {
148 throw new RestException(400,
'bad value for parameter original_file');
151 $outputlangs = $langs;
152 if ($langcode && $langs->defaultlang != $langcode) {
154 $outputlangs->setDefaultLang($langcode);
158 $entity = $conf->entity;
169 $relativefile = $original_file;
172 $accessallowed = $check_access[
'accessallowed'];
173 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
174 $original_file = $check_access[
'original_file'];
176 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
177 throw new RestException(401);
179 if (!$accessallowed) {
180 throw new RestException(401);
184 $hidedetails = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 0 : 1;
185 $hidedesc = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 0 : 1;
186 $hideref = empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 0 : 1;
190 if ($modulepart ==
'facture' || $modulepart ==
'invoice') {
191 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
192 $this->invoice =
new Facture($this->db);
193 $result = $this->invoice->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
195 throw new RestException(404,
'Invoice not found');
198 $templateused = $doctemplate ? $doctemplate : $this->invoice->model_pdf;
199 $result = $this->invoice->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
201 throw new RestException(500,
'Error generating document');
203 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'invoice_supplier') {
204 require_once DOL_DOCUMENT_ROOT .
'/fourn/class/fournisseur.facture.class.php';
206 $result = $this->supplier_invoice->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
208 throw new RestException(404,
'Supplier invoice not found');
211 $templateused = $doctemplate ? $doctemplate : $this->supplier_invoice->model_pdf;
212 $result = $this->supplier_invoice->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
214 throw new RestException(500,
'Error generating document');
216 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
217 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
218 $this->order =
new Commande($this->db);
219 $result = $this->order->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
221 throw new RestException(404,
'Order not found');
223 $templateused = $doctemplate ? $doctemplate : $this->order->model_pdf;
224 $result = $this->order->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
226 throw new RestException(500,
'Error generating document');
228 } elseif ($modulepart ==
'propal' || $modulepart ==
'proposal') {
229 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
230 $this->propal =
new Propal($this->db);
231 $result = $this->propal->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
233 throw new RestException(404,
'Proposal not found');
235 $templateused = $doctemplate ? $doctemplate : $this->propal->model_pdf;
236 $result = $this->propal->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
238 throw new RestException(500,
'Error generating document');
240 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
241 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
243 $this->contract =
new Contrat($this->db);
244 $result = $this->contract->fetch(0, preg_replace(
'/\.[^\.]+$/',
'', basename($original_file)));
247 throw new RestException(404,
'Contract not found');
250 $templateused = $doctemplate ? $doctemplate : $this->contract->model_pdf;
251 $result = $this->contract->generateDocument($templateused, $outputlangs, $hidedetails, $hidedesc, $hideref);
254 throw new RestException(500,
'Error generating document missing doctemplate parameter');
257 throw new RestException(403,
'Generation not available for this modulepart');
260 $filename = basename($original_file);
261 $original_file_osencoded =
dol_osencode($original_file);
263 if (!file_exists($original_file_osencoded)) {
264 throw new RestException(404,
'File not found');
267 $file_content = file_get_contents($original_file_osencoded);
268 return array(
'filename'=>$filename,
'content-type' =>
dol_mimetype($filename),
'filesize'=>filesize($original_file),
'content'=>base64_encode($file_content),
'langcode'=>$outputlangs->defaultlang,
'template'=>$templateused,
'encoding'=>
'base64');
294 if (empty($modulepart)) {
295 throw new RestException(400,
'bad value for parameter modulepart');
298 if (empty($id) && empty($ref)) {
299 throw new RestException(400,
'bad value for parameter id or ref');
302 $id = (empty($id) ? 0 : $id);
306 if ($modulepart ==
'societe' || $modulepart ==
'thirdparty') {
307 require_once DOL_DOCUMENT_ROOT.
'/societe/class/societe.class.php';
309 if (!DolibarrApiAccess::$user->hasRight(
'societe',
'lire')) {
310 throw new RestException(401);
313 $object =
new Societe($this->db);
314 $result = $object->fetch($id, $ref);
316 throw new RestException(404,
'Thirdparty not found');
319 $upload_dir = $conf->societe->multidir_output[$object->entity].
"/".$object->id;
320 } elseif ($modulepart ==
'user') {
321 require_once DOL_DOCUMENT_ROOT.
'/user/class/user.class.php';
324 if (!DolibarrApiAccess::$user->rights->user->user->lire && DolibarrApiAccess::$user->id != $id) {
325 throw new RestException(401);
328 $object =
new User($this->db);
329 $result = $object->fetch($id, $ref);
331 throw new RestException(404,
'User not found');
334 $upload_dir = $conf->user->dir_output.
'/'.
get_exdir(0, 0, 0, 0, $object,
'user').
'/'.$object->id;
335 } elseif ($modulepart ==
'adherent' || $modulepart ==
'member') {
336 require_once DOL_DOCUMENT_ROOT.
'/adherents/class/adherent.class.php';
338 if (!DolibarrApiAccess::$user->rights->adherent->lire) {
339 throw new RestException(401);
343 $result = $object->fetch($id, $ref);
345 throw new RestException(404,
'Member not found');
348 $upload_dir = $conf->adherent->dir_output.
"/".
get_exdir(0, 0, 0, 1, $object,
'member');
349 } elseif ($modulepart ==
'propal' || $modulepart ==
'proposal') {
350 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
352 if (!DolibarrApiAccess::$user->hasRight(
'propal',
'lire')) {
353 throw new RestException(401);
356 $object =
new Propal($this->db);
357 $result = $object->fetch($id, $ref);
359 throw new RestException(404,
'Proposal not found');
362 $upload_dir = $conf->propal->multidir_output[$object->entity].
"/".
get_exdir(0, 0, 0, 1, $object,
'propal');
363 } elseif ($modulepart ==
'supplier_proposal') {
364 require_once DOL_DOCUMENT_ROOT.
'/supplier_proposal/class/supplier_proposal.class.php';
366 if (!DolibarrApiAccess::$user->rights->supplier_proposal->read) {
367 throw new RestException(401);
370 $object =
new Propal($this->db);
371 $result = $object->fetch($id, $ref);
373 throw new RestException(404,
'Supplier proposal not found');
376 $upload_dir = $conf->propal->multidir_output[$object->entity].
"/".
get_exdir(0, 0, 0, 1, $object,
'propal');
377 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
378 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
380 if (!DolibarrApiAccess::$user->hasRight(
'commande',
'lire')) {
381 throw new RestException(401);
385 $result = $object->fetch($id, $ref);
387 throw new RestException(404,
'Order not found');
390 $upload_dir = $conf->commande->dir_output.
"/".
get_exdir(0, 0, 0, 1, $object,
'commande');
391 } elseif ($modulepart ==
'commande_fournisseur' || $modulepart ==
'supplier_order') {
392 $modulepart =
'supplier_order';
394 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.commande.class.php';
396 if (empty(DolibarrApiAccess::$user->rights->fournisseur->commande->lire) && empty(DolibarrApiAccess::$user->rights->supplier_order->lire)) {
397 throw new RestException(401);
401 $result = $object->fetch($id, $ref);
403 throw new RestException(404,
'Purchase order not found');
407 } elseif ($modulepart ==
'shipment' || $modulepart ==
'expedition') {
408 require_once DOL_DOCUMENT_ROOT.
'/expedition/class/expedition.class.php';
410 if (!DolibarrApiAccess::$user->rights->expedition->lire) {
411 throw new RestException(401);
415 $result = $object->fetch($id, $ref);
417 throw new RestException(404,
'Shipment not found');
420 $upload_dir = $conf->expedition->dir_output.
"/sending/".
get_exdir(0, 0, 0, 1, $object,
'shipment');
421 } elseif ($modulepart ==
'facture' || $modulepart ==
'invoice') {
422 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
424 if (!DolibarrApiAccess::$user->hasRight(
'facture',
'lire')) {
425 throw new RestException(401);
428 $object =
new Facture($this->db);
429 $result = $object->fetch($id, $ref);
431 throw new RestException(404,
'Invoice not found');
434 $upload_dir = $conf->facture->dir_output.
"/".
get_exdir(0, 0, 0, 1, $object,
'invoice');
435 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'supplier_invoice') {
436 $modulepart =
'supplier_invoice';
438 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.facture.class.php';
440 if (empty(DolibarrApiAccess::$user->rights->fournisseur->facture->lire) && empty(DolibarrApiAccess::$user->rights->supplier_invoice->lire)) {
441 throw new RestException(401);
445 $result = $object->fetch($id, $ref);
447 throw new RestException(404,
'Invoice not found');
450 $upload_dir = $conf->fournisseur->dir_output.
"/facture/".
get_exdir($object->id, 2, 0, 0, $object,
'invoice_supplier').dol_sanitizeFileName($object->ref);
451 } elseif ($modulepart ==
'produit' || $modulepart ==
'product') {
452 require_once DOL_DOCUMENT_ROOT.
'/product/class/product.class.php';
454 if (!DolibarrApiAccess::$user->rights->produit->lire) {
455 throw new RestException(401);
458 $object =
new Product($this->db);
459 $result = $object->fetch($id, $ref);
461 throw new RestException(404,
'Product not found');
462 } elseif ($result < 0) {
463 throw new RestException(500,
'Error while fetching object: '.$object->error);
466 $upload_dir = $conf->product->multidir_output[$object->entity].
'/'.
get_exdir(0, 0, 0, 1, $object,
'product');
467 } elseif ($modulepart ==
'agenda' || $modulepart ==
'action' || $modulepart ==
'event') {
468 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
470 if (!DolibarrApiAccess::$user->rights->agenda->myactions->read && !DolibarrApiAccess::$user->rights->agenda->allactions->read) {
471 throw new RestException(401);
475 $result = $object->fetch($id, $ref);
477 throw new RestException(404,
'Event not found');
481 } elseif ($modulepart ==
'expensereport') {
482 require_once DOL_DOCUMENT_ROOT.
'/expensereport/class/expensereport.class.php';
484 if (!DolibarrApiAccess::$user->rights->expensereport->read && !DolibarrApiAccess::$user->rights->expensereport->read) {
485 throw new RestException(401);
489 $result = $object->fetch($id, $ref);
491 throw new RestException(404,
'Expense report not found');
495 } elseif ($modulepart ==
'knowledgemanagement') {
496 require_once DOL_DOCUMENT_ROOT.
'/knowledgemanagement/class/knowledgerecord.class.php';
498 if (!DolibarrApiAccess::$user->hasRight(
'knowledgemanagement',
'knowledgerecord',
'read') && !DolibarrApiAccess::$user->hasRight(
'knowledgemanagement',
'knowledgerecord',
'read')) {
499 throw new RestException(401);
503 $result = $object->fetch($id, $ref);
505 throw new RestException(404,
'KM article not found');
508 $upload_dir = $conf->knowledgemanagement->dir_output.
'/knowledgerecord/'.
dol_sanitizeFileName($object->ref);
509 } elseif ($modulepart ==
'categorie' || $modulepart ==
'category') {
510 require_once DOL_DOCUMENT_ROOT.
'/categories/class/categorie.class.php';
512 if (!DolibarrApiAccess::$user->rights->categorie->lire) {
513 throw new RestException(401);
517 $result = $object->fetch($id, $ref);
519 throw new RestException(404,
'Category not found');
522 $upload_dir = $conf->categorie->multidir_output[$object->entity].
'/'.
get_exdir($object->id, 2, 0, 0, $object,
'category').$object->id.
"/photos/".
dol_sanitizeFileName($object->ref);
523 } elseif ($modulepart ==
'ecm') {
524 throw new RestException(500,
'Modulepart Ecm not implemented yet.');
539 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
540 $modulepart =
'contrat';
541 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
543 $object =
new Contrat($this->db);
544 $result = $object->fetch($id, $ref);
546 throw new RestException(404,
'Contract not found');
549 $upload_dir = $conf->contrat->dir_output .
"/" .
get_exdir(0, 0, 0, 1, $object,
'contract');
550 } elseif ($modulepart ==
'projet' || $modulepart ==
'project') {
551 $modulepart =
'project';
552 require_once DOL_DOCUMENT_ROOT .
'/projet/class/project.class.php';
554 $object =
new Project($this->db);
555 $result = $object->fetch($id, $ref);
557 throw new RestException(404,
'Project not found');
560 $upload_dir = $conf->projet->dir_output .
"/" .
get_exdir(0, 0, 0, 1, $object,
'project');
562 throw new RestException(500,
'Modulepart '.$modulepart.
' not implemented yet.');
565 $objectType = $modulepart;
566 if (! empty($object->id) && ! empty($object->table_element)) {
567 $objectType = $object->table_element;
570 $filearray =
dol_dir_list($upload_dir, $type, $recursive,
'',
'(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) ==
'desc' ?SORT_DESC:SORT_ASC), 1);
571 if (empty($filearray)) {
572 throw new RestException(404,
'Search for modulepart '.$modulepart.
' with Id '.$object->id.(!empty($object->ref) ?
' or Ref '.$object->ref :
'').
' does not return any document.');
574 if (($object->id) > 0 && !empty($modulepart)) {
575 require_once DOL_DOCUMENT_ROOT.
'/ecm/class/ecmfiles.class.php';
577 $result = $ecmfile->fetchAll(
'',
'', 0, 0, array(
't.src_object_type' => $objectType,
't.src_object_id' => $object->id));
579 throw new RestException(503,
'Error when retrieve ecm list : '.$this->db->lasterror());
580 } elseif (is_array($ecmfile->lines) && count($ecmfile->lines) > 0) {
581 $count = count($filearray);
582 for ($i = 0 ; $i < $count ; $i++) {
583 if ($filearray[$i][
'name'] == $ecmfile->lines[$i]->filename) $filearray[$i] = array_merge($filearray[$i], (array) $ecmfile->lines[0]);
633 public function post($filename, $modulepart, $ref =
'', $subdir =
'', $filecontent =
'', $fileencoding =
'', $overwriteifexists = 0, $createdirifnotexists = 1)
641 if (empty($modulepart)) {
642 throw new RestException(400,
'Modulepart not provided.');
645 if (!DolibarrApiAccess::$user->rights->ecm->upload) {
646 throw new RestException(401);
649 $newfilecontent =
'';
650 if (empty($fileencoding)) {
651 $newfilecontent = $filecontent;
653 if ($fileencoding ==
'base64') {
654 $newfilecontent = base64_decode($filecontent);
661 $entity = DolibarrApiAccess::$user->entity;
662 if (empty($entity)) {
670 if ($modulepart ==
'facture' || $modulepart ==
'invoice') {
671 $modulepart =
'facture';
673 require_once DOL_DOCUMENT_ROOT.
'/compta/facture/class/facture.class.php';
674 $object =
new Facture($this->db);
675 } elseif ($modulepart ==
'facture_fournisseur' || $modulepart ==
'supplier_invoice') {
676 $modulepart =
'supplier_invoice';
678 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.facture.class.php';
680 } elseif ($modulepart ==
'commande' || $modulepart ==
'order') {
681 $modulepart =
'commande';
683 require_once DOL_DOCUMENT_ROOT.
'/commande/class/commande.class.php';
685 } elseif ($modulepart ==
'commande_fournisseur' || $modulepart ==
'supplier_order') {
686 $modulepart =
'supplier_order';
688 require_once DOL_DOCUMENT_ROOT.
'/fourn/class/fournisseur.commande.class.php';
690 } elseif ($modulepart ==
'projet' || $modulepart ==
'project') {
691 require_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
692 $object =
new Project($this->db);
693 } elseif ($modulepart ==
'task' || $modulepart ==
'project_task') {
694 $modulepart =
'project_task';
696 require_once DOL_DOCUMENT_ROOT.
'/projet/class/task.class.php';
697 $object =
new Task($this->db);
699 $task_result = $object->fetch(
'', $ref);
702 if ($task_result > 0) {
703 $project_result = $object->fetch_projet();
705 if ($project_result >= 0) {
709 throw new RestException(500,
'Error while fetching Task '.$ref);
711 } elseif ($modulepart ==
'product' || $modulepart ==
'produit' || $modulepart ==
'service' || $modulepart ==
'produit|service') {
712 require_once DOL_DOCUMENT_ROOT.
'/product/class/product.class.php';
713 $object =
new Product($this->db);
714 } elseif ($modulepart ==
'expensereport') {
715 require_once DOL_DOCUMENT_ROOT.
'/expensereport/class/expensereport.class.php';
717 } elseif ($modulepart ==
'fichinter') {
718 require_once DOL_DOCUMENT_ROOT.
'/fichinter/class/fichinter.class.php';
720 } elseif ($modulepart ==
'adherent' || $modulepart ==
'member') {
721 $modulepart =
'adherent';
722 require_once DOL_DOCUMENT_ROOT.
'/adherents/class/adherent.class.php';
724 } elseif ($modulepart ==
'proposal' || $modulepart ==
'propal' || $modulepart ==
'propale') {
725 $modulepart =
'propale';
726 require_once DOL_DOCUMENT_ROOT.
'/comm/propal/class/propal.class.php';
727 $object =
new Propal($this->db);
728 } elseif ($modulepart ==
'agenda' || $modulepart ==
'action' || $modulepart ==
'event') {
729 $modulepart =
'agenda';
730 require_once DOL_DOCUMENT_ROOT .
'/comm/action/class/actioncomm.class.php';
732 } elseif ($modulepart ==
'contact' || $modulepart ==
'socpeople') {
733 $modulepart =
'contact';
734 require_once DOL_DOCUMENT_ROOT.
'/contact/class/contact.class.php';
735 $object =
new Contact($this->db);
737 } elseif ($modulepart ==
'contrat' || $modulepart ==
'contract') {
738 $modulepart =
'contrat';
739 require_once DOL_DOCUMENT_ROOT .
'/contrat/class/contrat.class.php';
740 $object =
new Contrat($this->db);
743 throw new RestException(500,
'Modulepart '.$modulepart.
' not implemented yet.');
746 if (is_object($object)) {
748 $result = $object->fetch($ref);
750 $result = $object->fetch(
'', $ref);
754 throw new RestException(404,
"Object with ref '".$ref.
"' was not found.");
755 } elseif ($result < 0) {
756 throw new RestException(500,
'Error while fetching object: '.$object->error);
760 if (!($object->id > 0)) {
761 throw new RestException(404,
'The object '.$modulepart.
" with ref '".$ref.
"' was not found.");
766 if ($modulepart ==
'supplier_invoice') {
767 $tmpreldir =
get_exdir($object->id, 2, 0, 0, $object,
'invoice_supplier');
770 $relativefile = $tmpreldir.dol_sanitizeFileName($object->ref);
773 $upload_dir = $tmp[
'original_file'];
775 if (empty($upload_dir) || $upload_dir ==
'/') {
776 throw new RestException(500,
'This value of modulepart ('.$modulepart.
') does not support yet usage of ref. Check modulepart parameter or try to use subdir parameter instead of ref.');
779 if ($modulepart ==
'invoice') {
780 $modulepart =
'facture';
782 if ($modulepart ==
'member') {
783 $modulepart =
'adherent';
786 $relativefile = $subdir;
788 $upload_dir = $tmp[
'original_file'];
790 if (empty($upload_dir) || $upload_dir ==
'/') {
791 if (!empty($tmp[
'error'])) {
792 throw new RestException(401,
'Error returned by dol_check_secure_access_document: '.$tmp[
'error']);
794 throw new RestException(500,
'This value of modulepart ('.$modulepart.
') is not allowed with this value of subdir ('.$relativefile.
')');
802 if (!empty($createdirifnotexists)) {
804 throw new RestException(500,
'Error while trying to create directory '.$upload_dir);
808 $destfile = $upload_dir.
'/'.$original_file;
809 $destfiletmp = DOL_DATA_ROOT.
'/admin/temp/'.$original_file;
814 throw new RestException(401,
'Directory not exists : '.dirname($destfile));
817 if (!$overwriteifexists &&
dol_is_file($destfile)) {
818 throw new RestException(500,
"File with name '".$original_file.
"' already exists.");
826 $fhandle = @fopen($destfiletmp,
'w');
828 $nbofbyteswrote = fwrite($fhandle, $newfilecontent);
832 throw new RestException(500,
"Failed to open file '".$destfiletmp.
"' for write");
835 $disablevirusscan = 0;
836 $src_file = $destfiletmp;
837 $dest_file = $destfile;
841 if (empty($disablevirusscan) && file_exists($src_file)) {
843 if (count($checkvirusarray)) {
844 dol_syslog(
'Files.lib::dol_move_uploaded_file File "'.$src_file.
'" (target name "'.$dest_file.
'") KO with antivirus: errors='.join(
',', $checkvirusarray), LOG_WARNING);
845 throw new RestException(500,
'ErrorFileIsInfectedWithAVirus: '.join(
',', $checkvirusarray));
854 $publicmediasdirwithslash = $conf->medias->multidir_output[$conf->entity];
855 if (!preg_match(
'/\/$/', $publicmediasdirwithslash)) {
856 $publicmediasdirwithslash .=
'/';
859 if (strpos($upload_dir, $publicmediasdirwithslash) !== 0 || !
getDolGlobalInt(
"MAIN_DOCUMENT_DISABLE_NOEXE_IN_MEDIAS_DIR")) {
860 $dest_file .=
'.noexe';
866 if (preg_match(
'/^\./', basename($src_file)) || preg_match(
'/\.\./', $src_file) || preg_match(
'/[<>|]/', $src_file)) {
867 dol_syslog(
"Refused to deliver file ".$src_file, LOG_WARNING);
868 throw new RestException(500,
"Refused to deliver file ".$src_file);
873 if (preg_match(
'/^\./', basename($dest_file)) || preg_match(
'/\.\./', $dest_file) || preg_match(
'/[<>|]/', $dest_file)) {
874 dol_syslog(
"Refused to deliver file ".$dest_file, LOG_WARNING);
875 throw new RestException(500,
"Refused to deliver file ".$dest_file);
878 $result =
dol_move($destfiletmp, $dest_file, 0, $overwriteifexists, 1, 1);
880 throw new RestException(500,
"Failed to move file into '".$destfile.
"'");
899 public function delete($modulepart, $original_file)
901 global $conf, $langs;
903 if (empty($modulepart)) {
904 throw new RestException(400,
'bad value for parameter modulepart');
906 if (empty($original_file)) {
907 throw new RestException(400,
'bad value for parameter original_file');
911 $entity = $conf->entity;
922 $relativefile = $original_file;
925 $accessallowed = $check_access[
'accessallowed'];
926 $sqlprotectagainstexternals = $check_access[
'sqlprotectagainstexternals'];
927 $original_file = $check_access[
'original_file'];
929 if (preg_match(
'/\.\./', $original_file) || preg_match(
'/[<>|]/', $original_file)) {
930 throw new RestException(401);
932 if (!$accessallowed) {
933 throw new RestException(401);
936 $filename = basename($original_file);
937 $original_file_osencoded =
dol_osencode($original_file);
939 if (!file_exists($original_file_osencoded)) {
940 dol_syslog(
"Try to download not found file ".$original_file_osencoded, LOG_WARNING);
941 throw new RestException(404,
'File not found');
944 if (@unlink($original_file_osencoded)) {
948 'message' =>
'Document deleted'
953 throw new RestException(401);
968 foreach (Documents::$DOCUMENT_FIELDS as $field) {
969 if (!isset($data[$field])) {
970 throw new RestException(400,
"$field field missing");
972 $result[$field] = $data[$field];
Class to manage agenda events (actions)
Class to manage members of a foundation.
Class to manage categories.
Class to manage predefined suppliers products.
Class to manage customers orders.
Class to manage contracts.
API class for receive files.
post($filename, $modulepart, $ref='', $subdir='', $filecontent='', $fileencoding='', $overwriteifexists=0, $createdirifnotexists=1)
Return a document.
__construct()
Constructor.
index($modulepart, $original_file='')
Download a document.
getDocumentsListByElement($modulepart, $id=0, $ref='', $sortfield='', $sortorder='')
Return the list of documents of a dedicated element (from its ID or Ref)
builddoc($modulepart, $original_file='', $doctemplate='', $langcode='')
Build a document.
_validate_file($data)
Validate fields before create or update object.
Class to manage ECM files.
Class to manage shipments.
Class to manage Trips and Expenses.
Class to manage suppliers invoices.
Class to manage invoices.
Class to manage interventions.
Class for KnowledgeRecord.
Class to manage products or services.
Class to manage projects.
Class to manage proposals.
Class to manage third parties objects (customers, suppliers, prospects...)
Class to manage translations.
Class to manage Dolibarr users.
dolCheckVirus($src_file)
Check virus into a file.
dol_basename($pathfile)
Make a basename working with all page code (default PHP basenamed fails with cyrillic).
dol_delete_file($file, $disableglob=0, $nophperrors=0, $nohook=0, $object=null, $allowdotdot=false, $indexdatabase=1, $nolog=0)
Remove a file or several files with a mask.
dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser='', $refname='', $mode='read')
Security check when accessing to a document (used by document.php, viewimage.php and webservices to g...
dol_is_file($pathoffile)
Return if path is a file.
dol_dir_list($path, $types="all", $recursive=0, $filter="", $excludefilter=null, $sortcriteria="name", $sortorder=SORT_ASC, $mode=0, $nohook=0, $relativename="", $donotfollowsymlinks=0, $nbsecondsold=0)
Scan a directory and return a list of files/directories.
dol_is_dir($folder)
Test if filename is a directory.
dol_move($srcfile, $destfile, $newmask=0, $overwriteifexists=1, $testvirus=0, $indexdatabase=1)
Move a file into another name.
dol_mimetype($file, $default='application/octet-stream', $mode=0)
Return MIME type of a file from its name with extension.
dol_osencode($str)
Return a string encoded into OS filesystem encoding.
dolChmod($filepath, $newmask='')
Change mod of a file.
getDolGlobalInt($key, $default=0)
Return dolibarr global constant int value.
dol_sanitizeFileName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a file name.
isAFileWithExecutableContent($filename)
Return if a file can contains executable content.
get_exdir($num, $level, $alpha, $withoutslash, $object, $modulepart='')
Return a path to have a the directory according to object where files are stored.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)